0
我正在尝试通过直线获取hiveserver2以与kerberized HDP 2.3群集一起工作。我在亚马逊ec2。Kerberized Hadoop Hive直线访问问题
一旦我得到一种可再生的票,我能够执行HDFS操作也推出先生的工作..
即使蜂巢CLI无法通过蜂巢服务器2 ..那工作以及..
当我尝试通过直线连接..我得到一个错误周围没有找到tgt ..当我实际上它是beuuching直线命令
我得到票作为我自己的用户..但我使用配置单元/ @为主..
只为t esting我试图用自己的蜂巢密钥表取票以及..没有工作..
很多文章只是建议发动直线前续订令牌..没有工作
一篇文章建议使用不同的主体和密钥表为蜂巢metastore ...
的建议
这里是在/ etc/krb5的SASL启用没有工作。 CONF:
[logging]
default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log
[libdefaults]
default_realm = ABC.COM
dns_lookup_realm = false
dns_lookup_kdc = false
ticket_lifetime = 30m
renew_lifetime = 10h
forwardable = true
udp_preference_limit = 1
[realms]
ABC.COM = {
kdc = localhost
admin_server = localhost
default_principal_flags = +renewable
max_renewable_life = 7d 0h 0m 0s
}
[domain_realm]
.abc.com = ABC.COM
abc.com = ABC.COM
TicketDetails:
$ klist -f
Ticket cache: FILE:/tmp/krb5cc_500
Default principal: [email protected]
Valid starting Expires Service principal
10/17/15 13:40:26 10/17/15 14:10:26 krbtgt/[email protected]
renew until 10/17/15 23:04:27, Flags: FRIT
$ date
Sat Oct 17 13:41:02 EDT 2015
的直线连接字符串:
!connect jdbc:hive2://<hive_host>:10000/default;principal=hive/ip-<hive_host>.ec2.internal[email protected]
为蜂巢服务器2 netstat的输出:
$ sudo netstat -tunlp | grep 10000
tcp 0 0 0.0.0.0:10000 0.0.0.0:* LISTEN 11272/java
我曾试图结合它到私人IP以及..相同结果..
全STRACK从直线
Error: Could not open client transport with JDBC Uri: jdbc:hive2://<hive_host>:10000/default;principal=hive/ip-<hive_host>[email protected]: GSS initiate failed (state=08S01,code=0)
0: jdbc:hive2://<hive_host>:10000/default (closed)> 15/10/17 13:06:14 [main]: ERROR transport.TSaslTransport: SASL negotiation failure
javax.security.sasl.SaslException: GSS initiate failed [Caused by GSSException: No valid credentials provided (Mechanism level: Failed to find any Kerberos tgt)]
at com.sun.security.sasl.gsskerb.GssKrb5Client.evaluateChallenge(GssKrb5Client.java:212)
at org.apache.thrift.transport.TSaslClientTransport.handleSaslStartMessage(TSaslClientTransport.java:94)
at org.apache.thrift.transport.TSaslTransport.open(TSaslTransport.java:271)
at org.apache.thrift.transport.TSaslClientTransport.open(TSaslClientTransport.java:37)
at org.apache.hadoop.hive.thrift.client.TUGIAssumingTransport$1.run(TUGIAssumingTransport.java:52)
at org.apache.hadoop.hive.thrift.client.TUGIAssumingTransport$1.run(TUGIAssumingTransport.java:49)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.Subject.doAs(Subject.java:415)
at org.apache.hadoop.security.UserGroupInformation.doAs(UserGroupInformation.java:1657)
at org.apache.hadoop.hive.thrift.client.TUGIAssumingTransport.open(TUGIAssumingTransport.java:49)
at org.apache.hive.jdbc.HiveConnection.openTransport(HiveConnection.java:210)
at org.apache.hive.jdbc.HiveConnection.<init>(HiveConnection.java:180)
at org.apache.hive.jdbc.HiveDriver.connect(HiveDriver.java:105)
at java.sql.DriverManager.getConnection(DriverManager.java:571)
at java.sql.DriverManager.getConnection(DriverManager.java:187)
at org.apache.hive.beeline.DatabaseConnection.connect(DatabaseConnection.java:142)
at org.apache.hive.beeline.DatabaseConnection.getConnection(DatabaseConnection.java:207)
对我缺少的是什么任何建议痕迹?
的KMS是游侠KMS